
Hackers Use This: Dominic Chell

Dominic Chell

Who are you, and what do you do?

Hi, my name is Dominic Chell (@domchell) and I live in the North West UK. I work for MDSec (@MDSecLabs), a boutique security consultancy that I helped found in 2011. Prior to that I spent just over 6 years consulting at other UK-based security firms. I spend a lot of my time working in app sec, particularly in the mobile space as I head up this practice area at MDSec.

What hardware do you use?

I do most of my work from a MacBook Pro mid 2012, which is connected to a 27” Thunderbolt display when I’m in the office. Although now quite dated, the laptop is still powerful enough to satisfy my needs with an i7, 16GB of RAM and 750GB SSD. I use an iPhone 6 as my regular phone, but also have an HTC One (M8) that I occasionally use when abroad.

I sometimes end up on projects where I need to be able to hand my hard disk over to the customer when I’m done, so I also have a Dell Latitude with modular bays that I use in these situations.

What does your testing network or lab look like?

I have a few lab environments.

The main scanning servers sit on a Dell PowerEdge R210 with 16GB RAM running ESXi. On there we have a couple of Debian servers and a Nessus appliance that we use for external infrastructure scanning. There is also another Debian box that sits in EC2, and is used as a C&C server for our in-house Trojan.

For mobile app testing I use a mixture of things, but the tool I’ve been most impressed with is Frida (www.frida.re) – it’s standalone, works cross-platform, has Python bindings and the project maintainers offer great support. I would really encourage people to go and look at this project. I also use Hopper quite a lot – it’s come on leaps and bounds in the last year or so and aside from the architecture support, it now rivals IDA for RE IMO.